Certain labels must always be present in a label_encodings file:
One sensitivity label in the user accreditation range must be defined
One clearance in the user accreditation range must be defined
One information label in the user accreditation range must be defined
Before You Begin
You must be in the Security Administrator role in the global zone.
Provide a name that is different from the installed label_encodings file.
# pfedit label_encodings.myco.single
For example, you could set up an encodings file with the INTERNAL_USE_ONLY classification, and specify no words.
VERSION= MyCompany Single-Label Encodings - 1.01 10/10/11 . . . CLASSIFICATIONS: name= INTERNAL_USE_ONLY; sname= INTERNAL; value= 5; INFORMATION LABELS: WORDS: SENSITIVITY LABELS: WORDS: CLEARANCES: WORDS: CHANNELS: WORDS: PRINTER BANNERS: WORDS:
In the following example, the INTERNAL classification is encoded.
ACCREDITATION RANGE: classification= INTERNAL; only valid compartment combinations: INTERNAL minimum clearance= INTERNAL; minimum sensitivity label= INTERNAL; minimum protect as classification= INTERNAL;
For details, see Modifying Oracle Solaris Extensions.
The following example shows the settings in the ACCREDITATION RANGE section for a single-level label encodings file. A single ANY_CLASS classification is defined. Compartment words A, B, and REL CNTRY 1 are specified for all types of labels.
ACCREDITATION RANGE: classification= ANY_CLASS; only valid compartment combinations: ANY_CLASS A B REL CNTRY1 minimum clearance= ANY_CLASS A B REL CNTRY1; minimum sensitivity label= ANY_CLASS A B REL CNTRY1; minimum protect as classification= ANY_CLASS;Example 3-7 Changing the Single Label Name
In this example, the label_encodings.example file is changed to handle a single-label company. The name= value is changed from SECRET to INTERNAL_USE_ONLY. The sname= value is changed from s to INTERNAL. Neither the value= nor the initial compartments= definition is changed.
CLASSIFICATIONS: name= INTERNAL_USE_ONLY; sname= INTERNAL; value= 5; initial compartments= 4-5 190-239;
In the ACCREDITATION RANGE section, the short name of the classification is replaced. Also, the minimum values are replaced with the new sname.
ACCREDITATION RANGE: classification= INTERNAL; only valid compartment combinations: INTERNAL minimum clearance= INTERNAL; minimum sensitivity label= INTERNAL; minimum protect as classification= INTERNAL;
Next Steps
Verify the file by performing How to Analyze and Verify the label_encodings File.
Distribute the file by following How to Distribute the label_encodings File.